How to Write an NDA in 2026 (With Free Template)
The NDA (non-disclosure agreement) is the most-used legal document among startup founders, freelancers, and consultants, and one of the most over-used. Many of the situations where someone insists on an NDA don't actually warrant one; many situations that genuinely need confidentiality protection get handled with a casual handshake. This guide walks through when an NDA is worth the friction, the difference between mutual and one-way NDAs, the 7 sections every NDA needs, common mistakes that make NDAs unenforceable, and how to use a free template instead of paying $200 to a lawyer for routine confidentiality protection.
For the standard cases, our non-disclosure agreement template handles both mutual and one-way structures with the standard legal language pre-built.
When you actually need an NDA
NDAs are appropriate when there's a real risk of confidential information being shared with parties who could use it to your detriment. The honest list of situations where an NDA actually matters:
Hiring employees with access to trade secrets. Customer lists, proprietary processes, source code, financial details. A signed employee NDA at the start of employment establishes the legal framework for confidentiality. Our employee NDA template is the standard companion to an offer letter.
Engaging consultants or contractors with access to sensitive information. Marketing agencies seeing your customer data, developers working on proprietary code, accountants seeing financial details. An NDA protects the work product and the underlying information.
Discussing potential business deals with non-trivial detail. Joint ventures, acquisitions, partnerships, large vendor relationships. Both sides typically want mutual NDAs covering what they share with each other.
Sharing technical innovations before patent filing. Particularly important for inventors or technical founders pre-patent. Public disclosure can void patentability; NDAs preserve the option.
Negotiating with potential investors at a sufficiently advanced stage. Late-stage rounds where due diligence requires sharing customer lists, contracts, and detailed financials.
Situations where NDAs typically aren't needed:
- Pitching to VCs at the seed/Series A stage (they typically won't sign and the legal exposure isn't worth it for them)
- Casual conversations about general business ideas
- Information that's already publicly disclosed
- Routine vendor relationships where standard contract language covers confidentiality
A common founder mistake: insisting on NDAs in situations where no one with legal sophistication will sign them. The real question to ask is whether the specific information being shared genuinely warrants the legal infrastructure.
Mutual vs one-way NDAs
The two main NDA structures cover different scenarios:
Mutual NDA (sometimes called "two-way NDA"): both parties agree to protect each other's confidential information. Used when both sides will share sensitive information during the relationship: partnership discussions, joint ventures, acquisition talks, peer-to-peer business discussions.
One-way NDA (sometimes called "unilateral NDA"): only one party (the "Disclosing Party") shares confidential information; the other party (the "Receiving Party") agrees to protect it. Used in employment relationships, contractor engagements where you're hiring someone to work with your data, or pitch situations where one side has the proprietary information.
For most startup founder situations, the right pattern:
- Pitch deck shared with employees or contractors: one-way NDA (you're the discloser)
- Partnership discussion with another company: mutual NDA
- Hiring an employee: employee NDA (one-way, with IP assignment)
- Engaging a contractor: consulting agreement (often includes NDA provisions, see our freelance contract template for the integrated version)
Both structures use the same core sections; the difference is which side has confidentiality obligations. Our NDA template includes both versions with notes on which to use when.
The 7 sections every NDA needs
Whether mutual or one-way, every NDA should include these sections:
1. Definition of confidential information. What specifically is covered? Be reasonably specific: "all information shared between the parties" is too broad to enforce; "all information related to the development of Project X, including technical specifications, customer lists, financial data, and business strategy" is enforceable.
2. Exclusions from confidentiality. Information that's already public, was already known to the receiving party before disclosure, becomes public through no fault of the receiving party, or was independently developed without using the disclosed information. These exclusions are standard and shouldn't be negotiated away; without them, the NDA is unenforceable on basic public information.
3. Obligations of the receiving party. What can they do with the information (use it for the specific purpose of evaluating the relationship, working on the project) and what they can't do (share it with third parties, use it for their own purposes, disclose it after the relationship ends).
4. Term of confidentiality. How long the obligations last. Typical: 2-5 years for most business information, perpetual for trade secrets. Avoid overly long terms (10+ years); courts often find them unreasonable and refuse to enforce.
5. Permitted disclosures. Carve-outs for legally required disclosures (subpoenas, court orders, regulatory requirements). Standard provision; the receiving party should notify the disclosing party before complying with any required disclosure when legally permitted.
6. Return or destruction of materials. When the relationship ends, the receiving party agrees to return or destroy confidential materials. Important for managing what happens to physical and digital copies after the engagement.
7. Standard legal provisions. Governing law (which state's law applies), dispute resolution mechanism (typically arbitration or litigation in a specified venue), severability (if one provision is unenforceable, the rest still apply), and entire agreement (this NDA is the complete agreement, not modified by oral promises).
A complete NDA following this structure is typically 2-4 pages. Anything longer is usually padding or unnecessary complexity.
Common mistakes that make NDAs unenforceable
Five common errors that turn an NDA into an unenforceable document:
Overly broad confidential information definition. "All information of any kind exchanged between the parties forever" sounds protective but is likely unenforceable in court. Specificity matters: what kinds of information, related to what subject matter.
No time limit (or impossibly long term). A "perpetual" NDA on routine business information is typically reduced or struck down by courts as unreasonable. 2-5 years is the standard range; perpetual is acceptable only for true trade secrets.
Geographic scope too broad. An NDA that purports to apply globally for all purposes is typically reduced by courts to reasonable scope. Specify the geographic application related to the actual purpose.
No consideration. In some states, an NDA needs to be supported by something each party gets in return ("consideration"). Pure post-employment NDAs without continued employment or other consideration may be unenforceable. Use the NDA before or at the start of the relationship, not retroactively.
Conflict with employee's general right to work. NDAs that effectively prevent an employee from working in their field anywhere may be reclassified as unenforceable non-competes in many jurisdictions. Focus the NDA on actual confidential information, not industry knowledge generally.
Free template
Our non-disclosure agreement template is built around the 7-section structure above with both mutual and one-way variations. Variables for: parties' names and addresses, specific confidential information categories, term length, governing law, and venue. The template includes the standard exclusions and legal provisions that hold up in US courts.
For the related templates that startups often need alongside an NDA: the employee NDA template for new hires (includes IP assignment), the freelance contract template for contractor engagements (NDA provisions integrated into the broader contract), and the non-compete agreement template where state law allows non-competes.
To use the template:
- Download the template from the link above.
- Customize the parties section with the names and addresses of both parties.
- Customize the confidential information definition for your specific situation.
- Choose your term length (2-5 years for most cases).
- Specify governing law and venue (typically your state of formation for a startup).
- Both parties sign and date.
- Each party retains a signed copy.
The whole process takes 15-30 minutes. For the standard situations covered by the template, this is functionally equivalent to a $200-500 lawyer-drafted NDA at zero cost.
FAQ
Q: Does an NDA need to be signed by both parties to be valid? For mutual NDAs, yes: both parties have obligations and need to sign. For one-way NDAs, only the receiving party (the one taking on confidentiality obligations) strictly needs to sign, though best practice is for both parties to sign acknowledging the agreement.
Q: Can I use an NDA from another country or state? NDAs are governed by the law of the state specified in the agreement. A template designed for one US state usually works as a starting point for others, but state-specific provisions (especially around trade secrets, employee provisions, and arbitration enforceability) may need adjustment. For international use, consult counsel licensed in the target jurisdiction.
Q: How long should an NDA last? For routine business information: 2-5 years post-disclosure. For trade secrets (formulas, processes, customer lists with non-public information): can be perpetual but courts may apply a reasonableness limit. Match the term to the actual sensitivity period of the information.
Q: Will an NDA stop my idea from being stolen? NDAs create legal obligations, not magical protection. They give you a legal claim if the other party violates the agreement, but they don't physically prevent disclosure. The honest framing: NDAs deter casual misuse and provide a remedy for serious breaches, but they're not a substitute for sharing only what you need to share with parties you have reason to trust.
Q: What's the difference between an NDA and a confidentiality clause in a contract? Functionally similar. NDAs are standalone documents focused only on confidentiality; confidentiality clauses are sections within broader contracts (employment agreements, service contracts, partnership agreements) that handle the same confidentiality obligations as part of a larger relationship. For ongoing relationships, integrated clauses are often cleaner than separate NDAs.
The Short Version
Most startup founders need NDAs in specific situations: hiring employees with sensitive access, engaging contractors with proprietary information, late-stage investor due diligence, partnership discussions involving real detail. The 7 required sections (definition, exclusions, obligations, term, permitted disclosures, return of materials, standard legal provisions) form a complete NDA in 2-4 pages. Our free NDA template, employee NDA template, and freelance contract cover the common scenarios. The honest framing: free templates produce the same legal protection as $200-500 lawyer-drafted NDAs for routine cases; reserve lawyer time for complex international, regulated-industry, or genuinely high-stakes confidentiality work.